Closed jamacku closed 1 year ago
An idea: The usage pattern is now a bit more complicated (checkout, diff lint, upload sarif). I'm curious whether we could encapsulate and call those from within the action?
In Differential ShellCheck we use PUT https://api.github.com/repos/${GITHUB_REPOSITORY}/code-scanning/analysis for uploading SARIF, but I don't know how reliable it will be in future since it's not documented anywhere. And in GitHub docs they always mention using github/codeql-action/upload-sarif.
But I agree. The setup is a bit more complicated now with SARIF.
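The three-step setup discussed in this thread (checkout, diff lint, SARIF upload), written out as a workflow. This is an added example, not taken from the pull request or the project. `OWNER/ACTION@REF`, the step id `lint`, the `fetch-depth` setting and the assumption that the lint step fails the job on new findings are placeholders or assumptions; only the `sarif` output name and `github/codeql-action/upload-sarif` come from the page.

```yaml
# Added example: OWNER/ACTION@REF is a placeholder, not the project's real reference.
name: Differential lint

on:
  pull_request:
    branches: [main]

# Default to read-only; grant write access only in the job that uploads.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # upload-sarif needs this scope to write code scanning results.
      security-events: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Assumption: a diff-based linter needs history to compare base and head.
          fetch-depth: 0

      - name: Differential lint
        id: lint                  # hypothetical step id, referenced below
        uses: OWNER/ACTION@REF    # placeholder for the action this PR changes

      - name: Upload SARIF
        # Assumption: the lint step may fail the job on new defects,
        # so upload regardless to keep the findings visible.
        if: ${{ always() }}
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.lint.outputs.sarif }}
```

On pull requests from forks the `GITHUB_TOKEN` is read-only, so the `security-events: write` grant does not apply and the upload step will fail there.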
Use csgrep to save defects in SARIF format and return the file's location in the sarif output. Path to SARIF file can be accessed using ${{ steps.<id>.outputs.sarif }}.
Tested in: